CVE-2022-40134

CWE-125 — Out-of-bounds Read5 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 84.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

326

Lenovo Bios Lenovo Ideacentre 3-07ada05 Firmware Lenovo Ideacentre 3-07imb05 Firmware +323 more

Timeline

PublishedJan 30

Latest updateJan 31

Description

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages326 packages

▶CVEListV5lenovo/biosvarious

▶NVDlenovo/v520_firmwarem16kt68a

▶NVDlenovo/v520s_firmwarem16kt68a

▶NVDlenovo/qt_b415_firmwarem16kt68a

▶NVDlenovo/qt_m410_firmwarem16kt68a

🔴Vulnerability Details

GHSA

GHSA-p7vc-qcj9-2mj9: An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated↗2023-01-31

▶

CVEList

CVE-2022-40134: An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated↗2023-01-30

▶

🕵️Threat Intelligence

Qualys

Remediate Your Vulnerable Lenovo Systems with Qualys Custom Assessment and Remediation↗2022-09-28

▶